(12) INTERNATIONAL APPLICATION PUBLISHED UNDER THE PATENT COOPERATION TREATY (PCT)

(19) World Intellectual Property Organization
International Bureau

(43) International Publication Date: 30 January 2003 (30.01.2003)

(10) International Publication Number: WO 03/009528 A1

(51) International Patent Classification: H04L 12/02, 12/28, 12/56

(21) International Application Number: PCT/US02/19819

(22) International Filing Date: 16 July 2002 (16.07.2002)

(25) Filing Language: English

(26) Publication Language: English

(30) Priority Data: 09/907,606, 19 July 2001 (19.07.2001), US

(71) Applicant: SBC TECHNOLOGY RESOURCES, INC. [US/US]; 9505 Arboretum Boulevard, Austin, TX 78759 (US).

(72) Inventors: ALLEN, Keith, Joseph; 10520 Oak View Drive, Austin, TX 78759 (US). CHEN, Weijing; 10208 Open Gate Drive, Austin, TX 78726 (US). SALGUERO, Anna; 12529 Sir Christopher's Cove, Austin, TX 78729 (US).

(74) Agents: BERNSTEIN, Bruce, H. et al.; Greenblum & Bernstein, P.L.C., 1941 Roland Clarke Place, Reston, VA 20191 (US).

(81) Designated States (national): AE, AG, AL, AM, AT, AU, AZ, BA, BB, BG, BR, BY, BZ, GA, CH, CN, CO, CR, CU, CZ, DE, DK, DM, DZ, EG, EE, ES, FI, GB, GD, GE, GH, GM, HR, HU, ID, IL, IN, IS, JP, KE, KG, KP, KR, KZ, LC, LK, LR, LS, LT, LU, LV, MA, MD, MG, MK, MN, MW, MX, MZ, NO, NZ, OM, PH, PL, PT, RO, RU, SD, SE, SG, SI, SK, SL, TJ, TM, TN, TR, TT, TZ, UA, UG, UZ, VN, YU, ZA, ZM, ZW.

(84) Designated States (regional): ARIPO patent (GH, GM, KE, LS, MW, MZ, SD, SL, SZ, TZ, UG, ZM, ZW), Eurasian patent (AM, AZ, BY, KG, KZ, MD, RU, TJ, TM), European patent (AT, BE, BG, CH, CY, CZ, DE, DK, EE, ES, FI, FR, GB, GR, IE, IT, LU, MC, NL, PT, SE, SK, TR), OAPI patent (BF, BJ, CF, CG, CI, CM, GA, GN, GQ, GW, ML, MR, NE, SN, TD, TG).

Published: with international search report



(54) Title: VIRTUAL PRIVATE NETWORK OVER ASYNCHRONOUS TRANSFER MODE



(57) Abstract: A communications network and method enable broadband service subscribers to dynamically select broadband
service destinations they wish to access from subscriber customer premises equipment. The communications network is an ATM
network including a plurality of ATM switches (10). The network also includes at least one directory server connected to the ATM
network (14), at least one fiber terminating device connected to the at least one directory server, and at least one broadband
destination connected to the ATM network. Furthermore, the subscribers' customer premise equipment (2a) is connected to the at least one
fiber terminating device. The method includes receiving a session request, which identifies a destination, in the at least one service
gateway (4), wherein the session request is transmitted over a broadband connection using an Internet protocol. Next, using the at
least one service gateway, an ATM network address of the destination from the at least one directory server is retrieved. Then an
SVC is launched over the ATM network from the at least one service gateway to connect the subscriber to the ATM network address.
Finally, the subsequent packets are forwarded to the destination over the ATM SVC connection.

VIRTUAL PRIVATE NETWORK OVER
ASYNCHRONOUS TRANSFER MODE

The present application expressly incorporates by reference herein the entire disclosure
of U.S. Application No. 09/907,606, entitled "Virtual Private Networking Over Asynchronous
Transfer Mode", filed July 19, 2001.

BACKGROUND OF THE INVENTION

1. Field of the Invention

[0001] The present invention relates to a data communications network. In particular, the
present invention discloses a technique for utilizing ATM SVCs (Asynchronous Transfer Mode
Switched Virtual Circuits) to enable broadband service subscribers to dynamically choose the
broadband destinations they wish to access in a manner that does not cause undue administrative
overhead to the network carrier or broadband destination provider.

2. Acronyms

[0002] The written description provided herein contains acronyms
telecommunications services, components and techniques, as well as features relating to the
present invention. Although some of these acronyms are known, use of these acronyms is not
strictly standardized in the art. For purposes of the written description herein, the acronyms are
defined as follows:

ADSL Transmission Unit-Remote (ATU-R)
Asynchronous Transfer Mode Switched Virtual Circuit (ATM SVC)
Customer Premises Equipment (CPE)
Internet Protocol (IP)
Internet Service Provider (ISP)
Local Area Network (LAN)
Layer 2 Tunneling Protocol (L2TP)
Lightweight Directory Access Protocol (LDAP)
Multi-Protocol Label Switching (MPLS)
Network Selection Access Point (NSAP)
Peripheral Component Interface (PCI)
Point-to-Point Protocol (PPP)
PPP Tunnel Aggregation (PTA)
Plain Old Telephone Service (POTS)
Permanent Virtual Circuit (PVC)
Switched Virtual Circuit (SVC)
Transmission Control Protocol/Internet Protocol (TCP/IP)
Service Selection Gateway (SSG)
Universal Serial Bus (USB)
Virtual Private Network Over Asynchronous Transfer Mode (VPNoATM)

3. Discussion of Background Information

[0003] Many network carriers are providing broadband access services to large numbers
of subscribers using xDSL, cable modem, and other approaches. Currently, subscribers are
typically connected to a single data service provider, usually an ISP, at service subscription time
using a point-to-point or "nailed up" connection. Changing the destination accessed by the
subscriber can only be done with administrative action on the part of the carrier.
[0004] However, network carriers are now beginning to deploy broadband service
"gateways" to which broadband subscribers will be connected. These gateways are able to
interpret data sent from the subscriber's terminal to the network, and dynamically connect the
subscriber to their desired destination. This enables a subscriber to, for example, connect to their
ISP for a session, and then switch to their employer's corporate LAN so that the subscriber may
work from home.

[0005] An example of the aforementioned technology is disclosed in U.S. Patent No.
6,141,339, which provides a communications network that includes broadband networks and a
service node to facilitate communications services for an end-user. In particular, the network has
the ability to implement ATM SVCs. Furthermore, the network converts POTS traffic to ATM
traffic at the residence.

[0006] However, U.S. Patent No. 6,141,339 has a major disadvantage in that it requires
one connection for each destination. In other words, multiplexing or aggregation does not occur.
As a result, the network is quickly overburdened with many independent connections.
Furthermore, the network becomes very difficult to administer.

[0007] Another example of the aforementioned technology is provided in the reference
entitled "Cisco Asymmetric Digital Subscriber Line Services Architecture" (referred to as "White
Paper"). In particular, the White Paper technology recognizes the advantages of aggregation by
utilizing a variety of approaches.

[0008] Similar to the approach described in U.S. Patent No. 6,141,339, the White Paper
describes schemes that rely upon static or "nailed-up" connections to each of the possible
destinations a subscriber might wish to access. If the destinations only include service providers
such as ISPs and video-on-demand providers, static connections are not a big problem. When
enterprise data networks are added as possible destinations, however, each gateway must be
connected to each destination, so the number of connections required is combinatory. In a large
metro area with just a couple of dozen gateways but thousands of corporations wishing to give
their employees broadband access to their networks from home, the number of connections can
grow into the hundreds of thousands. Maintaining these connections as enterprises are added and
removed requires significant administrative effort on the part of the carrier.
[0009] The White Paper also discloses an approach that utilizes SVCs from CPE
(customer premises equipment) to the edge of the network. In this scheme, the core of the
network implements transmission of data utilizing the well-known Internet Protocol (IP) and a
new standard Multi-Protocol Label Switching (MPLS). MPLS is currently an evolving Internet
Engineering Task Force (IETF) standard that has not been widely deployed. Furthermore, the use
of MPLS does not leverage the currently provisioned ATM networks. In addition, by launching
SVCs from the CPE, the subscriber at the CPE is required to interact with a technology that many
people are not familiar with.

BRIEF DESCRIPTION OF THE DRAWINGS 
[0010] The present invention is further described in the detailed description which
follows, with reference to the noted plurality of drawings by way of non-limiting examples of
exemplary embodiments of the present invention, in which like reference numerals represent
similar parts throughout the several views of the drawings, and wherein:
[0011] Figure 1 is a system architecture diagram of an embodiment of the present
invention which illustrates the virtual private network over asynchronous transfer mode 
(VPNoATM) architecture with a stand-alone gateway according to an aspect of the present 
invention; 

[0012] Figure 2 is a system architecture diagram which illustrates a second embodiment
of the invention including an integrated access multiplexer and broadband service gateway
according to an aspect of the present invention;

[0013] Figure 3 is a table which depicts an example of entries provided
server according to an aspect of the present invention;

[0014] Figure 4 is a flow diagram showing the process of establishing a virtual private
network over asynchronous transfer mode (VPNoATM) according to an aspect of the present
invention;

[0015] Figure 5 is a flow diagram showing the process of establishing multiple sessions
according to an aspect of the present invention;

[0016] Figure 6 is a flow diagram showing the process of establishing connections

[0017] Figure 7 is a flow diagram showing the process of terminating connections
according to an aspect of the present invention;

[0018] Figure 8 is a call flow diagram showing the process of establishing a virtual private
network over asynchronous transfer mode (VPNoATM) according to an aspect of the present 
invention. 

DETAILED DESCRIPTION OF AN EMBODIMENT 
[0019] The particulars shown herein are by way of example and for purposes of
illustrative discussion of the embodiments of the present invention only and are presented in the
cause of providing what is believed to be the most useful and readily understood description of
the principles and conceptual aspects of the present invention. In this regard, no attempt is made
to show structural details of the present invention in more detail than is necessary for the
fundamental understanding of the present invention, the description taken with the drawings
making apparent to those skilled in the art how the several forms of the present invention may be
embodied in practice.

[0020] The present invention removes the aforementioned disadvantages by enabling the
broadband service gateway to dynamically establish a connection to the destination only when
a connection is required while utilizing the presently existing ATM networks. Rather than relying
upon "permanent" connections between the gateway and the destinations, "switched" connections
are established using the SVC capabilities of ATM equipment. Because the gateway
automatically establishes these connections when required and fewer connections are thus in
place, the administrative burden of maintaining these connections is removed. However, the
ability of the subscriber to dynamically choose destination is retained. Also, the way in which
the subscriber communicates with the network does not change.

[0021] Furthermore, an advantage of the present invention is that it allows subscribers to
utilize mainstream IP Point-to-Point Tunneling Protocol (PPP) on the edge of the
communications network (i.e., at the CPE) and utilize existing ATM networks in the core of the
communications network. An aspect of the present invention includes expanding the capabilities
of broadband service gateways to utilize a directory server and the SVC capabilities of the ATM
switches in the manner described herewith.

[0022] Another advantage of the present invention is that it removes the administrative
overhead of maintaining a static connection from each gateway to each possible destination by
providing a method for dynamically establishing a connection to a destination only when one is
required. The subscriber continues to access the network and request sessions just as before,
using PPP protocol or a protocol with similar capabilities. Also, the subscriber may continue to
specify a requested destination by specifying a structured user name, as before.
[0023] In particular, the domain name supplied by the subscriber is received by the
gateway and mapped to an ATM network address with the use of a directory server. If the
gateway does not have an existing connection to that destination, the gateway creates a connection
by launching an ATM SVC to the destination using the ATM network address retrieved from the
directory server. If multiple subscribers on the same gateway seek to access the same destination,
their sessions can be multiplexed onto a single switched connection using L2TP, PTA, or some
other connection-sharing approach. The connection is maintained for as long as any subscriber
is using it, and then can even be maintained for some additional period of time in case someone
else requires it to reduce the amount of connection setup and tear down processing.
[0024] Eventually, though, inactive connections are torn down to conserve network
resources. So, rather than maintaining a combinatory number of connections between the
gateways and destinations, the carrier need only to provide an entry in a directory server that
enables each domain name to be mapped to an ATM network address. When a new gateway is
added, it need only be set up to access the directory server, where the gateway will find entries
for each of the destinations the gateway will have to contact. In addition to ATM network
addresses, service-related information can be stored in the directory server.
[0025] According to an aspect of the present invention, a method for enabling broadband
service subscribers to dynamically access, from subscriber customer premises equipment,
broadband service destinations via an ATM network is provided. The ATM network includes a
plurality of ATM switches, the customer premises equipment being connected to at least one
service gateway via at least one fiber terminating device, and the at least one service gateway
being connected to at least one directory server. The method includes receiving a session request,
which identifies a selected one of the broadband destinations, in the at least one service gateway,
wherein the session request is transmitted over a broadband connection using an Internet protocol;
retrieving, using the at least one service gateway, an ATM network address of the selected
broadband destination from the at least one directory server; launching an SVC over the ATM
network from the at least one service gateway to connect the subscriber to the ATM network
address; and forwarding the session request and subsequent packets to the selected destination
to establish a session over the ATM SVC connection.

[0026] According to another aspect of the present invention, when the subscriber
terminates the session, the at least one service gateway tears down the ATM SVC connection. 
In yet another aspect of the present invention, the at least one service gateway retains the ATM 
SVC connection for a predetermined period of time before the ATM SVC connection is torn 
down. 

[0027] In another aspect of the present invention, the method further includes concurrently
establishing multiple sessions for one subscriber using a plurality of ATM SVC connections
mapped to a plurality of different destinations. According to a further aspect of the present
invention, the method further includes sharing the ATM SVC connection with a plurality of
subscribers such that each subscriber has a session established to the same destination.
[0028] In another aspect of the present invention, connection sharing is established by
multiplexing each of the plurality of subscribers' sessions onto a single SVC connection using one
of Layer 2 Tunneling Protocol and PPP Tunnel Aggregation. According to still a further aspect
of the present invention, the at least one directory server is provided with a table which correlates
ATM network addresses with domain names.

[0029] Other aspects of the present invention include a table which further includes a
connection sharing protocol for each domain name. Further aspects of the present invention
include wherein the table further indicates whether the session is exclusive for each domain name.
According to other aspects of the present invention, the table further includes whether caller I.D.,
for security purposes, is provided when sessions are established to the destination identified by
the domain name.

[0030] According to another aspect of the present invention, the retrieving further
includes querying the at least one directory server with a domain name, and receiving back the
respective ATM network address, connection sharing protocol, data on whether the session is
exclusive, and whether caller I.D. for security purposes is provided, for the domain name which
has been queried.

[0031] According to still a further aspect of the present invention, the at least one service
gateway is provided with a database which is updated each time a subscriber logs in and logs out,
to internally track existing ATM SVC connections. According to another aspect of the present
invention, the at least one service gateway comprises a plurality of service gateways located in
different geographical regions.

[0032] In yet another aspect of the invention, the plurality of service gateways access
different directory servers which are loaded with ATM network addresses for different 
geographical regions, thus preventing service gateways in one region from launching ATM SVCs 
to destinations in other regions. In another aspect of the present invention, the at least one fiber 
terminating device and the at least one broadband service gateway are integrated into one unit. 
According to still a further aspect of the present invention, the at least one fiber terminating 
device comprises one of a multiplexer and a cable television head-end. 

[0033] Other aspects of the present invention include establishing a permanent virtual
connection between the subscriber customer premise equipment and the at least one service 
gateway. According to other aspects of the present invention, the Internet protocol is point-to- 
point protocol (PPP). 

[0034] According to another aspect of the present invention, a data communications
network for enabling a broadband service subscriber to dynamically select at least one broadband
service destination from subscriber customer premises equipment, is provided. The
communications network includes an ATM network including a plurality of ATM switches; at
least one fiber terminating device; at least one directory server; and at least one broadband service
gateway connected to the ATM network, the at least one fiber terminating device, and the at least
one directory server. The at least one service gateway receives Internet protocol packets,
associated with a session request and transmitted from the customer premises equipment, via the
at least one fiber terminating device, the at least one service gateway then launches an ATM SVC
connection over the ATM network to connect the subscriber to the at least one broadband service
destination in response to the session request from the customer premises equipment.
[0035] According to another aspect of the present invention, point-to-point protocol
is used to transmit data from the customer premise equipment to the at least one service gateway.
In yet another aspect of the invention, a permanent virtual connection between the customer
premises equipment and the at least one service gateway. In another aspect of the present
invention, the at least one service gateway comprises a plurality of gateways located in different
geographical regions.


[0036] According to still further aspects of the present invention, the plurality of gateways
access different directory servers which are loaded with ATM network addresses appropriate for
each different geographical region, preventing gateways in one region from launching ATM
SVCs to destinations in another region. Other aspects include a permanent virtual connection
established between the at least one service gateway and the at least one directory server.
[0037] According to a further aspect of the present invention, the at least one fiber
terminating device and the at least one broadband service gateway are integrated into one unit.
In yet another aspect of the present invention, the at least one service gateway is provided with
a database which internally tracks existing ATM SVC connections.

[0038] Additionally, other aspects of the present invention include concurrently
established multiple sessions for the subscriber using a plurality of ATM SVC connections
mapped to a plurality of different destinations. In another aspect of the present invention, a single
ATM SVC connection is shared with a plurality of subscribers such that each subscriber has a
unique session established to the same destination.

[0039] According to still a further aspect of the present invention, connection sharing
includes multiplexing each session into a single SVC connection using one of Layer 2 Tunneling
Protocol and PPP Tunnel Aggregation. Further aspects of the present invention include providing
the at least one directory server with a table which correlates ATM network addresses with
domain names. Further aspects of the invention include a connection sharing protocol for each
domain name in the table.

[0040] Other aspects include wherein the table further indicates
exclusive for each domain name. According to a further aspect of the present invention, the at
least one broadband service gateway queries the at least one directory server with a domain name,
and the at least one service gateway receives back a respective ATM network address, and
connection sharing protocol data indicating whether the session is exclusive, for that respective
domain name. According to a still further aspect of the present invention, the at least one fiber
terminating device comprises one of a multiplexer and cable television head-end.
[0041] According to still a further aspect of the present invention, a computer readable
medium storing a computer program that enables broadband service subscribers to dynamically
access, from subscriber customer premises equipment, broadband service destinations via an
ATM network comprising a plurality of ATM switches, the customer premises equipment being
connected to at least one service gateway via at least one fiber terminating device, the at least one
service gateway being connected to at least one directory server. The computer readable medium
includes a source code segment that receives a session request, which identifies a selected one of
the broadband destinations, in the at least one service gateway, wherein the ses
transmitted over a broadband connection using an Internet protocol; a source code segment that
retrieves, using the at least one service gateway, an ATM network address of the selected
broadband destination from the at least one directory server; a source code segment that launches
an SVC over the ATM network from the at least one service gateway to connect the subscriber
to the ATM network address; and a source code segment that forwards the session request and
subsequent packets to the selected destination to establish a session over the ATM SVC
connection.

[0042] Other exemplary embodiments and advantages of the present invention may be
ascertained by reviewing the present disclosure and the accompanying drawings. 

1. System Overview 

a. System Components 

[0043] Figure 1 illustrates a first embodiment of the present invention. Broadband service
subscribers 2a-c providing their own customer premises equipment (CPE), such as computers,
are connected to an access multiplexer 4 in their neighborhood with high-speed access lines 6,
such as xDSL. For sake of explanation, ADSL will be used throughout the remainder of the
specification, however, the present invention is not limited to use of ADSL.
[0044] An ADSL modem (not shown), which utilizes Ethernet protocol or any other
acceptable protocol, is utilized as an interface between the subscriber's CPE 2a-c and the ADSL
access line. For instance, a customer's computer can be connected to the ADSL modem via an
Ethernet cable, though USB versions of modems may also be used. The subscribers can provide
their own ADSL modem, but typically the carrier provides an ADSL modem.
[0045] The access multiplexer 4 is connected to an ATM backbone network 8, including
one or more ATM switches 10 that support both permanent virtual circuits (PVCs) and switched
virtual circuits (SVCs). Also connected to the ATM network 8 are one or more broadband
service gateways 12, one or more directory servers 14, and broadband service providers 16a-c,
such as ISPs, video-on-demand providers, and enterprise data networks. The broadband service
providers 16a-c terminate their connections to the ATM network 8 with an IP router or perhaps
a broadband service gateway of their own (not shown). Gateways 12 in different geographical
areas will access different directory servers 14 which are loaded with ATM network addresses
appropriate for that area. This prevents gateways 12 in one city from launching SVCs to
destinations in another city.

[0046] While the carrier's broadband service gateway 4 is shown in Figure 1 as a separate
piece of equipment, it can be integrated with either the access multiplexer 12 or the ATM
switches 10. Figure 2 illustrates a second embodiment of the present invention in which the
access multiplexer 4 and broadband service gateway 12 are integrated together.
[0047] Broadband access multiplexers 4, such as the Alcatel ASAM 1000 and ASAM 7300,
and ATM switches 10, such as the Alcatel 7670, Lucent GX 500 and GBX 550, capable of
supporting both PVCs and SVCs are widely available. Broadband service gateways 12, such as
the Nortel BSN-5000 are also available. Finally, IP routers such as the Cisco 3600, 6400, 7200
and 7500, capable of terminating ATM SVCs, are also currently available.
[0048] Directory servers 14, such as those using the Lightweight Directory Access
Protocol (LDAP) and software capable of being run on a general-purpose computer are also
commonly available. LDAP is a likely choice for implementation of the directory look-up
function, but others could also be used. Gateway 12 will receive back the information stored in
directory server 14 that is associated with the specified domain name.

b. Addition of Components to the Network and Dedicated PVC's 

[0049] Establishing service for each new subscriber requires provisioning a broadband
access line 6. It also entails creating a permanent virtual connection (PVC) 18 from CPE 2a-c to
broadband service gateway 12 for each subscriber. The ADSL modem on each subscriber's
premises will then take the data traffic from the subscriber, insert it into ATM cells, and send the
ATM cells across the PVC established for that subscriber to service gateway 12. It will also
perform the opposite for data coming back from service gateway 12.

[0050] To add a new broadband service gateway 12 to the communications network,
gateway 12 must be connected to ATM network 8, and provisioned with ATM SVC capabilities.
Then, gateway 12 may be loaded with data it needs to access directory server 14 for the purpose
of resolving domain names. It should be noted that for inter-component communications,
broadband service gateway 12 is also connected to directory server 14 over a PVC connection 22.
Alternatively, the connection between gateway 12 and directory server 14 may be an Ethernet
connection or the like.

[0051] To add a new destination 16a-c, the destination subscribes to the service with the
carrier and is provisioned with an ATM access line 7 (from Figures 1 and 2) capable of
supporting SVCs. As part of this process, an ATM network address will be assigned to the
destination. The destination 16a-c also provides the carrier with a domain name that the
destination wishes to have associated with it, and the domain name will be matched to the
assigned ATM network address. Also, a database in directory server 14 will be updated. The
directory server database will be described in further detail in the following section. Other service
parameters negotiated with the destination can be included and will also be discussed later in the
specification.

[0052] One advantage of integrating gateway 12 into the access multiplexer 4 (from
Figure 2) is that the proximity between gateway 12 and multiplexer 4 g^^
establishing the dedicated PVC communications link 18 required between both components. In
other words, a portion of the dedicated PVC 18 between multiplexer 4 and gateway 12 is
eliminated. As a result, for each subscriber 2a-c the required PVC connection 18 is greatly
simplified and can be replaced with internal connections within the integrated multiplexer 4 and
gateway 12.

c. Directory Server Database, Gateway Database & Other Features 
[0053] Each directory server 14 is provided with a database storing a table, an example
of which is illustrated in Figure 3. The database is loaded with a variety of mapping information
such as the destination domain name of each ISP or enterprise, an ATM network address for each
destination domain name, and information for other service related features, such as "Connection
Sharing" and "Exclusive Sessions". For example, a multiplexing scheme to be used to multiplex
multiple subscriber sessions to ATM SVC connection 20 (from Figures 1 and 2) can be included,
as well as an indication that multiplexing is not supported. These features will be discussed in
greater detail later in the specification.

[0054] It is noted that the information in directory server 14's database is somewhat static
and not subject to be changed often. Nevertheless, the data in directory server 14's database will
be updated when gateway 12 or destination 16a-c is added or dropped from the communications
network. In particular, the service carrier will create a new row in the database within directory
server 14. This row may include the domain name as the key, the ATM network address assigned
to the destination, and whether connection sharing, exclusive sessions, and other features are
allowed.

[0055] Gateway 12 is also provided with its own database, which internally tracks ATM
SVC connections already in place, to assist in tracking how many users are on an established
ATM SVC connection 20. Tracking is accomplished by updating the database in gateway 12
each time a user logs in and out. As compared to the database in directory server 14 which is
considered somewhat static, the database in gateway 12 tracks real-time session activity, which
is inherently more dynamic.

[0056] Another feature can be provided wherein gateway 12 forwards to ISP or enterprise
16a-c, information about the subscriber. Thus, information can be provided as a security feature
which functions similar to caller ID (see Figure 3). This feature is particularly suited for
providing information to ISPs or enterprises to prevent unwanted logins from unauthorized users.
For example, ADSL line numbers could be forwarded to destination 16a-c and the destinations
could determine whether or not a current incoming call matches the authorized ADSL line. This
feature is disclosed in further detail in U.S. Application, entitled "Method and System for
Broadband Network Access", filed on April 27, 2001 by Allen et al., the disclosure of which is
expressly incorporated by reference herein in its entirety.

2. System Operation 

[0057] Figures 4-7 are flow diagrams which illustrate an exemplary manner in which
the virtual private network over asynchronous transfer mode (VPNoATM

a. Establishing an ATM SVC Connection

[0058] Figure 4 is a flow diagram showing an exemplary process of establishing an ATM
SVC connection 20 (from Figures 1 and 2) according to an aspect of the present invention. To
request a session, subscriber 2a-c will initially supply destination information required by gateway
12 at s3. In other words, the subscriber sends in a request to talk to destination 16a-c, such as
"ISP1.com". Subscriber 2a-c can use a Point-to-Point Protocol (PPP) or a similar protocol to
establish sessions with desired destinations 16a-c. The PPP protocol datagrams are then carried
over broadband access connection 6 through access multiplexer 4 to gateway 12 at s5.

[0059] To assist subscriber 2a-c, a selection menu or GUI may be provided for the
subscriber to select service provider or destination 16a-c. Various embodiments for the selection
menu are available. For instance, an icon may be provided, which upon selection, requests
subscriber 2a-c to input a destination address (e.g., "ISP1.com"). At this time, a user ID and
password may also be requested. Or the selection menu can be as basic as an icon representative
of the actual service provider 16a-c with default parameters already previously defined.

[0060] At s5, when gateway 12 receives the request to establish a session from subscriber
2a-c, gateway 12 will then send a query to directory server 14, using a domain name, such as
"ISP1.com" as a key into the directory server's database at s7. In response to the query from
gateway 12, directory server 14 sends the ATM network address or Network Selection Access
Point (NSAP) affiliated with the destination domain name from the request to gateway 12 at s7.

[0061] Figure 3 shows an example of the data in the database located in directory server
14 that can be retrieved by gateway 12. In the case of a PPP session, the destination is
included in a structured user name supplied by the subscriber, such as "user1@ISP1.com".
Gateway 12 then maps the destination according to the retrieved ATM network address or NSAP.
In particular, the domain part of this name, "ISP1.com", is mapped to the appropriate ATM
network address.

[0062] Next at s9, gateway 12 launches SVC 20 over ATM network 8 to connect
subscriber 2a-c with destination 16a-c. Once the connection is established, the PPP session
request and all subsequent packets will be forwarded to destination 16a-c at s11. The database
in gateway 12 also associates the subscriber's new session with the aforementioned ATM SVC
connection for internal tracking purposes.

b. Terminating the ATM SVC Connection

[0063] An exemplary process for terminating ATM SVC connection 20 is shown in
Figure 7. When subscriber 2a-c is finished with the session, subscriber 2a-c can log-off or
disconnect from the communications network at s37. At s39, gateway 12 is notified that the
subscriber has logged off. For one embodiment of the present invention (not shown), gateway
12 will then immediately disconnect the session. At this point, ATM SVC 20 is torn down, and
the system returns to an original state. Note, s41-s43 as depicted in Figure 7, reflect another
embodiment of the present invention which will be explained in further detail below.

c. Multiple Session Feature 

[0064] It is noted that multiple sessions may be supported by the present invention. For
instance, gateway 12 can be configured to provide a plurality of connections for an individual
subscriber to a plurality of destinations 16a-c. Thus, for example, it is possible for a subscriber
to establish a session with their employer's network, while concurrently having a session
established with an ISP.

[0065] Multiple sessions are transmitted over ADSL connection 6 (from Figures 1 and
2), using point-to-point protocol (PPP) for data transmission. The data is transmitted through the
PVC established for each subscriber to service gateway 12; in particular, the ADSL modem
receives Ethernet frames from the CPE and inserts them into a single stream of cells, i.e., PVC
18. Each PPP frame has a session identifier that associates the contents of the frame with a
session. Thus, the frames can be sorted and reassembled according to the session identifier. The
data is then transmitted over PVC 18, using PPP, to gateway 12. Next, gateway 12 receives the
data, reassembles, and processes it according to the session identifier.

[0066] An "Exclusive Session" feature may also be provided in conjunction with the
multiple sessions feature. For example, some destinations 16a-c might want the subscriber's
session to the destination to be the only session active from the subscriber. The "Exclusive
Session" feature is particularly suited for computer network security. A security-conscious
enterprise might desire this feature to prevent unintended access to their network through the
subscriber's CPE 2a-c. In particular, this feature acts to inhibit multiple sessions if desired, since
many enterprises with corporate LANs prefer not to allow their home based users to have more
than one connection up at a time.

[0067] The "Exclusive Session" feature operates as follows: Gateway 12 will query
directory server 14 to determine if either the existing session or the newly requested session are
to destinations that only accept exclusive sessions. If either the existing session or the newly
requested session is to a destination that only accepts exclusive sessions, gateway 12 will not
allow the newly requested session to be established.

[0068] An exemplary process for the establishment of multiple sessions is illustrated in
Figure 5. Once a connection is established, for instance to "user1@ISP1.com", gateway 12
transfers data from first subscriber 2a, that is identified as part of first subscriber's session
(through the PPP session ID or similar identifier), to "ISP1.com", and vice-versa.

[0069] At s15, if it is determined that subscriber 2a requests a session to a second
destination (by using, for example "user1@ISP2.com"), gateway 12 will perform a query to
directory server 14 at s17 to determine whether the existing or newly requested session is to a
destination that accepts only exclusive sessions. If neither session is to a destination that accepts
only exclusive sessions, gateway 12 will perform a query for the second destination name and will
establish a new ATM SVC connection to the second destination name at s19.

[0070] If at s17, either session is to a destination designated as an "Exclusive Session",
the subscriber's request is denied at s21. For instance, if the subscriber is connected to
"Enterprise.com" (from Figure 3), that subscriber would only be able to have a session to
"Enterprise.com", and would not be allowed to establish a second session to anywhere else, since
the destination "Enterprise.com" has been designated as accepting only exclusive sessions.

d. Connection Sharing Feature 

[0071] Another feature of the present invention is connection sharing. An exemplary
process for sharing a connection is illustrated in Figure 6. In this example, the ATM SVC from
service gateway 12 to the "ISP1.com" connection (from Figure 3), can be shared between
subscribers 2a-2c. For instance, at s23 another subscriber 2b-c on the same gateway might also
request a connection to the same destination by submitting the structured username
"user2@ISP1.com".

[0072] At s25, before launching an ATM SVC connection 20, gateway 12 will check its
own internal database to see if an ATM SVC connection 20 has already been established to that
destination. If an ATM SVC has not already been established to that destination, gateway 12
establishes a new independent session for the second subscriber 2b-c at s27.

[0073] If there already has been an ATM SVC connection 20 established to the same
destination, then gateway 12 will query directory server 14 to determine whether connection
sharing is allowed, at s29. If connection sharing is allowed, gateway 12 connects the second
subscriber 2b-c to the first subscriber's 2a already established ATM SVC connection at s31.
Next, at s33, gateway 12 sends the PPP packets from the second subscriber 2b-c to the first
subscriber's destination. For example, in the case of "ISP1.com" (from Figure 3), the PPP
packets from the second subscriber 2b-c are transmitted to the same destination ("ISP1.com") as
well at s33. If it is determined at s29 that connection sharing is not allowed, the logic proceeds
to s27 and continues as described above.

[0074] Two common techniques used for connection sharing employ L2TP and PTA.
Both of these techniques are well known and, thus, will not be described here. Other
multiplexing techniques may also be used.

e. Retaining ATM SVC Connection Before Termination 
[0075] When all of the sessions active on an SVC are d^^
ATM SVC 20 and the system returns to the original state as previously stated. However, another
feature of the present invention is for gateway 12 to retain the ATM SVC connection 20 for a
predetermined period of time at s41 before it is torn down at s43, as illustrated in Figure 7. This
feature is provided in case either the disconnected subscriber or another subscriber wants access
to the same ATM SVC connection 20. Furthermore, this feature increases the overall operational
efficiency of the communications network. Eventually, though, all inactive ATM SVCs are torn
down. This conserves network resources, as only those connections that are actually in use will
have to be carried by the network.
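
The gateway admission logic of paragraphs [0066]-[0075] (exclusive sessions, connection sharing, and retaining an idle SVC), sketched in Python as an added example; it is not code from the application. The table rows, address placeholders, line identifiers, class and method names, and the 60-second hold period are assumptions made for illustration, and the exclusive-session check is keyed on the subscriber's access line rather than on the user name the subscriber supplies.

```python
import time
from dataclasses import dataclass, field

@dataclass(frozen=True)
class DirectoryEntry:
    atm_address: str   # constructed placeholder, not a real NSAP
    sharing: str       # "L2TP", "PTA", or "" when multiplexing is not supported
    exclusive: bool    # destination accepts only exclusive sessions

# Constructed rows modelled on the Figure 3 description (domain name is the key).
DIRECTORY = {
    "ISP1.com": DirectoryEntry("nsap-placeholder-1", "L2TP", False),
    "ISP2.com": DirectoryEntry("nsap-placeholder-2", "", False),
    "Enterprise.com": DirectoryEntry("nsap-placeholder-3", "", True),
}

@dataclass
class Svc:
    domain: str
    atm_address: str
    sessions: set = field(default_factory=set)  # {(line_id, user)}
    idle_since: float = None                    # set when the last session ends

class Gateway:
    def __init__(self, directory, hold_seconds=60.0, clock=time.monotonic):
        self.directory, self.hold, self.clock = directory, hold_seconds, clock
        self.svcs = []  # gateway database: SVCs currently in place

    def expire(self):
        """Tear down SVCs idle for the whole hold period (s41-s43)."""
        now = self.clock()
        self.svcs = [s for s in self.svcs
                     if s.sessions or now - s.idle_since < self.hold]

    def login(self, line_id, username):
        user, _, domain = username.partition("@")
        entry = self.directory.get(domain)
        if entry is None:
            return ("denied", "unknown destination")
        self.expire()
        # Exclusive-session check (s17/s21). Keyed on the access line
        # (assumption): the user name is subscriber-supplied, the line is not.
        # This sketch also denies a second session to the same exclusive
        # destination, which the text leaves open.
        active = [s.domain for s in self.svcs
                  if any(l == line_id for l, _ in s.sessions)]
        if active and (entry.exclusive or
                       any(self.directory[d].exclusive for d in active)):
            return ("denied", "exclusive session")
        # Connection sharing (s25-s31) and reuse of a retained idle SVC.
        for svc in self.svcs:
            if svc.domain != domain:
                continue
            if not svc.sessions:
                kind = "reused"      # idle SVC still inside the hold period
            elif entry.sharing:
                kind = "shared"      # multiplexed onto the existing SVC
            else:
                continue             # sharing not allowed: fall through to s27
            svc.sessions.add((line_id, user))
            svc.idle_since = None
            return (kind, svc.atm_address)
        svc = Svc(domain, entry.atm_address, {(line_id, user)})
        self.svcs.append(svc)
        return ("new-svc", svc.atm_address)

    def logout(self, line_id, username):
        user, _, domain = username.partition("@")
        for svc in self.svcs:
            if svc.domain == domain and (line_id, user) in svc.sessions:
                svc.sessions.discard((line_id, user))
                if not svc.sessions:
                    svc.idle_since = self.clock()  # start the hold period (s41)
                return True
        return False
```

Passing a fake `clock` makes the hold period testable without waiting, and the denial path shows why a destination marked exclusive blocks a second session in either order of login.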

f. Call Flow Diagram

[0076] Figure 8 is an exemplary call flow diagram showing interaction between the
components of the communications network used to establish a virtual private network over
asynchronous transfer mode (VPNoATM), according to an aspect of the present invention.

[0077] At s300, to request a session, subscriber 2a-c will supply the destination
information needed by gateway 12, such as "ISP1.com". The session request is carried over
broadband access connection 6 through access multiplexer 4 to gateway 12. Gateway 12 receives
the request to establish the session from the subscriber 2a-c via the multiplexer 4. Then, at s600,
gateway 12 sends a query to the directory server 14, using the domain name as a key into the
directory server's database. At s700, directory server 14 sends the ATM network address
affiliated with the destination domain name from the request to gateway 12. Next, gateway 12
maps the destination according to the retrieved ATM network address. Gateway 12 then
establishes an ATM SVC 20 over the ATM network 8 to connect to destination 16a-c at s900.
Once the call is established, the PPP session request will be forwarded to destination 16a-c as
will all subsequent packets.

[0078] Although the invention has been described with reference to several exemplary
embodiments, it is understood that the words that have been used are words of description and
illustration, rather than words of limitation. Changes may be made within the purview of the
appended claims, as presently stated and as amended, without departing from the scope and spirit
of the invention in its aspects. Although the invention has been described with reference to
particular components, materials and embodiments, the invention is not intended to be limited
to the particulars disclosed; rather, the invention extends to all functionally equivalent structures,
methods and uses such as are within the scope of the appended claims.

[0079] In accordance with various embodiments of the present invention, the methods
described herein are intended for operation as software programs running on a computer
processor. Dedicated hardware implementations including, but not limited to, application specific
integrated circuits, programmable logic arrays and other hardware devices can likewise be
constructed to implement the methods described herein. Furthermore, alternative software
implementations including, but not limited to, distributed processing or component/object
distributed processing, parallel processing, or virtual machine processing can also be constructed
to implement the methods described herein.

[0080] It should also be noted that the software implementations of the present invention
as described herein are optionally stored on a tangible storage medium, such as: a magnetic
medium such as a disk or tape; a magneto-optical or optical medium such as a disk; or a solid
state medium such as a memory card or other package that houses one or more read-only
(non-volatile) memories, random access memories, or other re-writable (volatile) memories. A digital
file attachment to E-mail or other self-contained information archive or set of archives is
considered a distribution medium equivalent to a tangible storage medium. Accordingly, the
invention is considered to include a tangible storage medium or distribution medium, as listed
herein and including art-recognized equivalents and successor media, in which the software
implementations herein are stored.

[0081] Although the present specification describes components and functions
implemented in the embodiments with reference to particular standards and protocols, the
invention is not limited to such standards and protocols. Each of the standards for Internet and
other packet switched network transmission (e.g., TCP/IP, UDP/IP, HTML, SHI^^
XML, PPP, SMTP, MIME), and public telephone networks (ISDN, ATM, ADSL) represent
examples of the state of the art. Such standards are periodically superseded by faster or more
efficient equivalents having essentially the same functions. Accordingly, replacement standards
and protocols having the same functions are considered equivalents.

WHAT IS CLAIMED:

1. A method for enabling broadband service subscribers to dynamically access, from
subscriber customer premises equipment, broadband service destinations via an ATM network 
comprising a plurality of ATM switches, the customer premises equipment being connected to 
at least one service gateway via at least one fiber terminating device, the at least one service 
gateway being connected to at least one directory server, the method comprising: 

receiving a session request, which identifies a selected one of the broadband destinations, 
in the at least one service gateway, wherein the session request is transmitted over a broadband 
connection using an Internet protocol; 

retrieving, using the at least one service gateway, an ATM network address of the selected 
broadband destination from the at least one directory server; 

launching an SVC over the ATM network from the at least one service gateway to connect 
the subscriber to the ATM network address; and 

forwarding the session request and subsequent packets to the selected destination to 
establish a session over the ATM SVC connection. 

2. The method according to claim 1, wherein when the subscriber terminates the
session, the at least one service gateway tears down the ATM SVC connection. 

3. The method according to claim 2, wherein the at least one service gateway retains
the ATM SVC connection for a predetermined period of time before the ATM SVC connection
is torn down.

4. The method according to claim 1, further comprising concurrently establishing 
multiple sessions for one subscriber using a plurality of ATM SVC connections mapped to a 
plurality of different destinations. 

5. The method according to claim 1, further comprising sharing the ATM SVC 
connection with a plurality of subscribers such that each subscriber has a session established to 
the same destination. 

6. The method according to claim 5, wherein connection sharing is established by
multiplexing each of the plurality of subscribers sessions onto a single SVC connection using one
of Layer 2 Tunneling Protocol and PPP Tunnel Aggregation.

7. The method according to claim 1, wherein the at least one directory server is 
provided with a table which correlates ATM network addresses with domain names. 

8. The method according to claim 7, wherein the table further includes a connection
sharing protocol for each domain name. 

9. The method according to claim 7, wherein the table further indicates whether the
session is exclusive for each domain name. 

10. The method according to claim 7, wherein the table further includes whether caller
I.D., for security purposes, is provided when sessions are established to the destination identified 
by the domain name. 

11. The method according to claim 1, wherein the retrieving further comprises 
querying the at least one directory server with a domain name, and receiving back the respective 
ATM network address, connection sharing protocol, data on whether the session is exclusive, and 
whether caller I.D. for security purposes is provided, for the domain name which has been 
queried. 

12. The method according to claim 1, wherein the at least one service gateway is 
provided with a database which is updated each time a subscriber logs in and logs out, to 
internally track existing ATM SVC connections. 

13. The method according to claim 1, wherein the at least one service gateway 
comprises a plurality of service gateways located in different geographical regions. 

14. The method according to claim 13, wherein the plurality of service gateways 
access different directory servers which are loaded with ATM network addresses for different 
geographical regions, thus preventing service gateways in one region from launching ATM SVCs
to destinations in other regions.

15. The method according to claim 1, wherein the at least one fiber terminating device
and the at least one broadband service gateway are integrated into one unit.

16. The method according to claim 1, wherein the at least one fiber terminating device
comprises one of a multiplexer and a cable television head-end.

17. The method according to claim 1, further comprising establishing a permanent
virtual connection between the subscriber customer premise equipment and the at least one
service gateway.

18. The method according to claim 1, wherein the Internet protocol comprises
point-to-point protocol (PPP).

19. A data communications network for enabling a broadband service subscriber to
dynamically select at least one broadband service destination from subscriber customer premises
equipment, the communications network comprising:

an ATM network including a plurality of ATM switches; 
at least one fiber terminating device; 
at least one directory server; and

at least one broadband service gateway connected to the ATM network, the at least one
fiber terminating device, and the at least one directory server, the at least one service gateway
receiving Internet protocol packets, associated with a session request and transmitted from the
customer premises equipment, via the at least one fiber terminating device, the at least one service
gateway then launching an ATM SVC connection over the ATM network to connect the
subscriber to the at least one broadband service destination in response to the session request from
the customer premises equipment.

20. The communications network according to claim 19, wherein point-to-point 
protocol (PPP) is used to transmit data from the customers premise equipment to the at least one 
service gateway. 

21. The communications network according to claim 19, further comprising a
permanent virtual connection between the customer premises equipment and the at least one
service gateway.

22. The communications network according to claim 19, wherein the at least one
service gateway comprises a plurality of gateways located in different geographical regions.

23. The communications network according to claim 22, wherein the plurality of 
gateways access different directory servers which are loaded with ATM network addresses
appropriate for each different geographical region, preventing gateways in one region from 
launching ATM SVCs to destinations in another region. 

24. The communications network according to claim 19, further comprising a 
permanent virtual connection established between the at least one service gateway and the at least 
one directory server. 

25. The communications network according to claim 19, wherein the at least one fiber 
terminating device and the at least one broadband service gateway are integrated into one unit. 

26. The communications network according to claim 19, wherein the at least one
service gateway is provided with a database which internally tracks existing ATM SVC 
connections. 

27. The communications network according to claim 19, further comprising 
concurrently established multiple sessions for the subscriber using a plurality of ATM SVC 
connections mapped to a plurality of different destinations. 

28. The communications network according to claim 19, further comprising sharing
a single ATM SVC connection with a plurality of subscribers such that each subscriber has a 
unique session established to the same destination. 

29. The communications network according to claim 28, wherein connection sharing 
comprises multiplexing each session into a single SVC connection using one of Layer 2 
Tunneling Protocol and PPP Tunnel Aggregation.

30. The communications network according to least one
directory server is provided with a table which correlates ATM network addresses with domain 
names. 

31. The communications network according to claim 30, wherein the table further 
includes a connection sharing protocol for each domain name.

32. The communications network according to claim 30, wherein the table further 
indicates whether the session is exclusive for each domain name. 

33. The communications network according to claim 19, wherein the at least one 
broadband service gateway queries the at least one directory server with a domain name, and the 
at least one service gateway receives back a respective ATM network address, and connection 
sharing protocol data indicating whether the session is exclusive, for that respective domain 
name.

34. The communications network according to claim 19, wherein the at least one fiber
terminating device comprises one of a multiplexer and cable television head-end. 

35. A computer readable medium storing a computer program that enables broadband
service subscribers to dynamically access, from subscriber customer premises equipment,
broadband service destinations via an ATM network comprising a plurality of ATM switches,
the customer premises equipment being connected to at least one service gateway via at least one
fiber terminating device, the at least one service gateway being connected to at least one directory
server, the computer readable medium comprising:

a source code segment that receives a session request, which identifies a selected one of
the broadband destinations, in the at least one service gateway, wherein the session request is 
transmitted over a broadband connection using an Internet protocol; 

a source code segment that retrieves, using the at least one service gateway, an ATM 
network address of the selected broadband destination from the at least one directory server; 

a source code segment that launches an SVC over the ATM network from the at least one 
service gateway to connect the subscriber to the ATM network address; and

a source code segment that forwards the session request and subsequent packets to the
selected destination to establish a session over the ATM SVC connection.